John Klossner

Contractor IDs: A lesson from Harry Potter

I have avoided making a Harry Potter reference in this blog for some time now. One reason is that I don't want to give away the fact that I have been one of those adults who enjoyed – okay, was obsessed with – the Harry Potter stories. Another reason, in a similar vein, is that I feel that referencing a young adult's book would detract from any serious points I'm trying to make. And finally, I don't want anyone involved in the federal workforce world to think I am comparing them to a Death Eater.

But, as the saying goes, if not now, when? The first part of the last Harry Potter movie was just released, and realistically I have only several months left of Harry Potter references being relevant on a nationwide or even worldwide cultural level. After that I'll only be able to refer to Dumbledore, Dobby and Dementors with other embarrassed adults I meet in obscure chat rooms, or with 10-year-olds. And based on my experience so far, most 10-year-olds – unless they're related and it's a gift-giving occasion – don't want to have anything to do with me.

Also, as another saying goes, write what you know.

The point I want to reference is that, as the stories become more mature and darker, the good guys worry about being infiltrated by the bad guys. (Those of you who are familiar with the stories know the specifics – this explanation is aimed at the 12 people who haven't read any of the books. The rest of you can go online for movie tickets.) This being the wizard world, everyone can take various physical shapes, even looking like someone else. To protect against this, the good guys identify themselves for each other with personal information. This is similar to the personal questions we all establish for ourselves for our online bank accounts and other security clearances, with the difference being that our online bank accounts would never sell a billion copies.

These questions and statements would include things like "What was the last thing you said to me when we last met?," "What do you teach in the wizarding school?," "What is your nickname?," and "Can you cast a spell that will improve my bank account?" (just kidding on the last one).

I am reminded of this when reading about the latest fed-contractor controversy. Earlier this year, the Defense Department began enforcing a rule requiring contractors to identify themselves in all communications, whether in person, on the phone or by e-mail (see the FCW story here). As someone who doesn't spend time in agency offices, I find this confusing. Is the issue here that contractors taking and misusing sensitive information has become an overwhelming problem? Or that the divide between feds and private-sector personnel is so loaded that if one side was aware of the other's presence they wouldn't "play nice?" Is this a real problem or a perceived problem that personnel on both sides maintain?

Contractors aren't allowed access to certain sensitive data, and feds don't want to inadvertently share this data with them. Understandable. But are feds in the habit of sharing sensitive data with unidentified strangers to begin with? Or do they assume that if someone has physical or communication access to an agency they are safe to share this data with? Is there a substantial list of examples of contractors stealing and/or misusing information?

Or is this just another skirmish in the fed-contractor wars? It smells of being a communication issue. Regardless of how many bodies walk through or contact agencies, do feds share information with people they know nothing about? That was the point made in the article by Bob Woods, a retired fed. “The rule only exacerbates the situation. Worse yet, it’s not even necessary, because feds know who the contractors are,” he said. “If not, they’re not being diligent."

(I can already hear one response to my question: People lie. In this case, contractors. Aren't there existing penalties for anyone who accesses sensitive information without having clearance? I feel so naive even typing that sentence – kind of like pointing out it's illegal to drive over 55 on the highway. But writing another law requiring drivers to say if they drive fast won't cut down the amount of speeders.)

On the other side, is it that hard for contractors to identify themselves? If asked "Are you a contractor?", are those fighting words? Or, if you identify yourself as a contractor, does everyone yell "unclean!" and you have to eat lunch alone for the next 10 years? I get the feeling that this is another story where the stereotypes represent a handful of extreme cases yet the majority of the anecdotes. It would seem that encouraging all players to – gulp – talk some more might help the situation.

That said, maybe we need to take a page from the Harry Potter tales and, instead of our usual greetings, start all conversations with a couple questions to – based on the response – help us figure out which side the person we are speaking with is on. I suggest the following:

* Do you think feds are paid too much?* Can you recommend a discount clothing store?* Didn't you love the recent issue of “Martha Stewart’s Public-sector Cafeterias”?* What motivates you more: creating an efficient and fair society or the new Audi A8?* Does the "G" in G-15 stand for "good job?"

The GAO director of information technology issues is leaving government after 16 years. On his way out the door, Dave Powner details how far govtech has come in the past two decades and flags the most critical issues he sees facing federal IT leaders.